From patchwork Fri Apr 29 14:11:54 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Juliusz Sosinowicz <juliusz@wolfssl.com>
X-Patchwork-Id: 1624362
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=QbHAKmwh;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.infradead.org
 (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
 envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
 receiver=<UNKNOWN>)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:e::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KqZH81BVsz9s0r
	for <incoming@patchwork.ozlabs.org>; Sat, 30 Apr 2022 00:14:12 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=yYsfcuJWsSlxupPHzSxL1GmZXSOgoOdt1esith+1KgA=; b=QbHAKmwhIFbiB+
	6rw0UlndzOFb3W/OMB9oxbeI5wls+YxJlv1AggyPju2t2ZxHIsTGri3FDIGPJVRpUbwyh+68+5Q6k
	iiZgxwi6HNDjziHPyAGjC9kBDTH4cUlYF348V+sL1gaWIYnYvbKBy00DGeHkVr8CXXBSItjuepT3H
	fHqdPFtUcUD51yY65J3DIpJMXHVdvQB0DRvA8LdFS5EHiZYt/IOLhb+zy3B2Nk25YJTw7vLUbTsjr
	Iqjx42JphsxVnLT6KQs5pP4gePe3+uPipIWCfi1zIJ15ac2samYURDmjV4E2F6B43/W5Zf5jXWTJM
	Fpt2FiUJ1NXiLr/OzF6w==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nkRMq-00BVh6-VQ; Fri, 29 Apr 2022 14:13:09 +0000
Received: from p3plsmtpa08-02.prod.phx3.secureserver.net ([173.201.193.103])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1nkRMl-00BVfm-LD
 for hostap@lists.infradead.org; Fri, 29 Apr 2022 14:13:05 +0000
Received: from localhost.localdomain ([188.212.135.187])
 by :SMTPAUTH: with ESMTPSA
 id kRLpnjL4BcBmukRMfn7nVf; Fri, 29 Apr 2022 07:12:58 -0700
X-CMAE-Analysis: v=2.4 cv=W8796Tak c=1 sm=1 tr=0 ts=626bf26a
 a=hBd5MtljtBjdjwZMofp0Cg==:117 a=hBd5MtljtBjdjwZMofp0Cg==:17 a=VTTltBjBAAAA:8
 a=QhMYk2Qk9NB-ruaG6xcA:9 a=on_vo79ac8RWgsiwd8Ea:22
X-SECURESERVER-ACCT: juliusz@wolfssl.com
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz <juliusz@wolfssl.com>
Subject: [PATCH] Check the return of pbkdf2_sha1 for errors
Date: Fri, 29 Apr 2022 16:11:54 +0200
Message-Id: <20220429141153.65982-1-juliusz@wolfssl.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-CMAE-Envelope: 
 MS4xfLAlf570M+gPNfB4Nj1SBdfnq912kWJb08voNo7+BPfvuJs0MgqZ2LcdKk5r7aAs6Tgtzdt+9K9D9QwXjrAVNkx3G6d3wkvJVy1NlQ9r72UF1Cvp496h
 YA2tiIIyvJ+gMAoqhPDYMqf2lDGOa3NIcL6igF5RGdtEA346dml6ZezSd1pf1cKJbeqSk9i8DmWHQhVmWatyNGD5DkA1dCrLtB/a+FnSNi0kYs6axq1E5ehQ
 ozsK6LOtgl/DtwtoWxzr0w==
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220429_071303_749416_58D6EA70 
X-CRM114-Status: GOOD (  13.24  )
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: pbkdf2_sha1 may return errors and this should be checked in
 calls. This is especially an issue with FIPS builds because the FIPS
 requirement
 is that the password must be at least 14 characters. Signed-off-by: Juliusz
 Sosinowicz <juliusz@wolfssl.com> --- src/ap/ap_config.c | 7 +++++--
 src/ap/wpa_auth_glue.c
 | 7 +++++-- src/crypto/crypto_wolfssl.c | 13 +++++++++++--
 wpa_supplicant/config.c | 7 [...]
 Content analysis details:   (0.0 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [173.201.193.103 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
 <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
 <mailto:hostap-request@lists.infradead.org?subject=subscribe>
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

pbkdf2_sha1 may return errors and this should be checked in calls. This is especially an issue with FIPS builds because the FIPS requirement is that the password must be at least 14 characters.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
---
 src/ap/ap_config.c              |  7 +++++--
 src/ap/wpa_auth_glue.c          |  7 +++++--
 src/crypto/crypto_wolfssl.c     | 13 +++++++++++--
 wpa_supplicant/config.c         |  7 +++++--
 wpa_supplicant/wpa_passphrase.c |  6 +++++-
 wpa_supplicant/wpa_supplicant.c | 16 +++++++++++-----
 6 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 051b843e93..015e9e0c88 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -461,9 +461,12 @@ static int hostapd_derive_psk(struct hostapd_ssid *ssid)
 	wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
 			      (u8 *) ssid->wpa_passphrase,
 			      os_strlen(ssid->wpa_passphrase));
-	pbkdf2_sha1(ssid->wpa_passphrase,
+	if (pbkdf2_sha1(ssid->wpa_passphrase,
 		    ssid->ssid, ssid->ssid_len,
-		    4096, ssid->wpa_psk->psk, PMK_LEN);
+		    4096, ssid->wpa_psk->psk, PMK_LEN) != 0) {
+		wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1");
+		return -1;
+	}
 	wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
 			ssid->wpa_psk->psk, PMK_LEN);
 	return 0;
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 71a487161c..fd9b928aba 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -391,10 +391,13 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
 		psk = sta->psk->psk;
 		for (pos = sta->psk; pos; pos = pos->next) {
 			if (pos->is_passphrase) {
-				pbkdf2_sha1(pos->passphrase,
+				if (pbkdf2_sha1(pos->passphrase,
 					    hapd->conf->ssid.ssid,
 					    hapd->conf->ssid.ssid_len, 4096,
-					    pos->psk, PMK_LEN);
+					    pos->psk, PMK_LEN) != 0) {
+					wpa_printf(MSG_WARNING, "Error in pbkdf2_sha1");
+					continue;
+				}
 				pos->is_passphrase = 0;
 			}
 			if (pos->psk == prev_psk) {
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 2aa85182b5..336e59a0c6 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -27,6 +27,7 @@
 #include <wolfssl/wolfcrypt/cmac.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/openssl/bn.h>
 
 
@@ -282,9 +283,17 @@ int hmac_sha512(const u8 *key, size_t key_len, const u8 *data,
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 		int iterations, u8 *buf, size_t buflen)
 {
-	if (wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid,
-		      ssid_len, iterations, buflen, WC_SHA) != 0)
+	int ret = wc_PBKDF2(buf, (const byte*)passphrase, os_strlen(passphrase), ssid,
+		      ssid_len, iterations, buflen, WC_SHA);
+	if (ret != 0) {
+		if (ret == HMAC_MIN_KEYLEN_E) {
+			wpa_printf(MSG_ERROR, "wolfSSL: Password is too short. Make sure "
+				"your password is at least %d characters long. This is a "
+				"requirement for FIPS builds.",
+				HMAC_FIPS_MIN_KEY);
+		}
 		return -1;
+	}
 	return 0;
 }
 
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 782bb2197d..9bcf974f21 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -3423,8 +3423,11 @@ char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var)
 void wpa_config_update_psk(struct wpa_ssid *ssid)
 {
 #ifndef CONFIG_NO_PBKDF2
-	pbkdf2_sha1(ssid->passphrase, ssid->ssid, ssid->ssid_len, 4096,
-		    ssid->psk, PMK_LEN);
+	if (pbkdf2_sha1(ssid->passphrase, ssid->ssid, ssid->ssid_len, 4096,
+		    ssid->psk, PMK_LEN) != 0) {
+		wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1");
+		return;
+	}
 	wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
 			ssid->psk, PMK_LEN);
 	ssid->psk_set = 1;
diff --git a/wpa_supplicant/wpa_passphrase.c b/wpa_supplicant/wpa_passphrase.c
index 538997e625..64eb3d587a 100644
--- a/wpa_supplicant/wpa_passphrase.c
+++ b/wpa_supplicant/wpa_passphrase.c
@@ -58,7 +58,11 @@ int main(int argc, char *argv[])
 		return 1;
 	}
 
-	pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32);
+	if (pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32)
+			!= 0) {
+		fprintf(stderr, "Error in pbkdf2_sha1\n");
+		return 1;
+	}
 
 	printf("network={\n");
 	printf("\tssid=\"%s\"\n", ssid);
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 64cad0af21..d3b9b775ee 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1774,9 +1774,12 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
 		    ssid->passphrase && !sae_only) {
 			u8 psk[PMK_LEN];
-		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
-				    4096, psk, PMK_LEN);
-		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
+			if (pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
+				    4096, psk, PMK_LEN) != 0) {
+				wpa_msg(wpa_s, MSG_WARNING, "Error in pbkdf2_sha1");
+				return -1;
+			}
+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
 					psk, PMK_LEN);
 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
 			psk_set = 1;
@@ -1810,8 +1813,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 #ifndef CONFIG_NO_PBKDF2
 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
 			{
-				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
-					    4096, psk, PMK_LEN);
+				if (pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
+					    4096, psk, PMK_LEN) != 0) {
+					wpa_msg(wpa_s, MSG_WARNING, "Error in pbkdf2_sha1");
+					return -1;
+				}
 				os_memset(pw_str, 0, sizeof(pw_str));
 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
 						"external passphrase)",